[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Mon May 27 21:39:30 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5e1ba48 by Moritz Muehlenhoff at 2019-05-27T20:38:54Z
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1964,10 +1964,12 @@ CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
NOT-FOR-US: Zotonic
CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
- snapd <unfixed> (low; bug #928052)
+ [buster] - snapd <no-dsa> (Minor issue)
[stretch] - snapd <no-dsa> (Minor issue)
NOTE: https://github.com/snapcore/snapd/pull/6642
CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...)
- snapd <unfixed> (low; bug #928052)
+ [buster] - snapd <no-dsa> (Minor issue)
[stretch] - snapd <no-dsa> (Minor issue)
NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
@@ -2117,6 +2119,7 @@ CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 a
[stretch] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
[jessie] - nautilus <not-affected> (Vulnerable embedded gnome-desktop thumbnail script introduced later)
NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
+ NOTE: https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 pr ...)
- gnome-desktop3 <unfixed> (low; bug #928732)
[buster] - gnome-desktop3 <no-dsa> (Minor issue)
@@ -3172,6 +3175,7 @@ CVE-2019-11027
RESERVED
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
- poppler <unfixed> (low; bug #926721)
+ [buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
@@ -33143,6 +33147,7 @@ CVE-2019-0188
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- jakarta-jmeter <unfixed>
+ [buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5e1ba48fa337a6b5b7af130994bb8d0488d0ef8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f5e1ba48fa337a6b5b7af130994bb8d0488d0ef8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190527/297d6d8a/attachment.html>
More information about the debian-security-tracker-commits
mailing list